Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A computing system comprising: a processor configured to select a first code-signer version among a plurality of code-signer versions corresponding to a respective first model among a plurality of different models using model information of an electronic device, to receive a signature, which is generated using a firmware image, from an external hardware security module, to generate a signed firmware image by combining the received signature and the firmware image using the selected first code-signer version, and to output the signed firmware image to the electronic device for installation as a firmware update; and a memory configured to store the plurality of code-signer versions.
This invention relates to secure firmware updates for electronic devices, addressing the challenge of ensuring compatibility and authenticity when deploying firmware across diverse device models. The system includes a processor and a memory. The memory stores multiple code-signer versions, each associated with different device models. The processor selects a specific code-signer version based on model information of the target electronic device. It then receives a signature for a firmware image from an external hardware security module, which ensures the firmware's integrity and authenticity. Using the selected code-signer version, the processor combines the signature with the firmware image to create a signed firmware image. This signed image is then output to the electronic device for installation as a firmware update. The system ensures that the correct signing method is applied per device model, preventing compatibility issues and maintaining security during updates. The use of an external hardware security module further enhances trust in the signing process.
2. The computing system of claim 1, further comprising: a first interface configured to receive the model information of the electronic device and the firmware image.
A computing system is designed to manage firmware updates for electronic devices, addressing challenges in ensuring compatibility and reliability during the update process. The system includes a processing unit that analyzes model information of an electronic device and a firmware image to determine compatibility between the two. This analysis helps prevent errors or malfunctions that could arise from installing incompatible firmware. The system also includes a second interface that transmits the firmware image to the electronic device only if the compatibility check is successful. Additionally, the system may include a storage unit to store the model information and firmware image, ensuring data is readily available for future updates or reference. The first interface is specifically configured to receive both the model information of the electronic device and the firmware image, enabling the system to gather necessary data for the compatibility assessment. This ensures that the firmware update process is both secure and efficient, reducing the risk of device damage or performance issues.
3. The computing system of claim 1, further comprising: a second interface configured to send the firmware image to the external hardware security module and to receive the signature from the external hardware security module.
A computing system is designed to securely manage firmware updates for hardware components. The system addresses the challenge of ensuring the integrity and authenticity of firmware images during updates, preventing unauthorized or corrupted firmware from being installed. The system includes a first interface that receives a firmware image for a hardware component and a verification module that verifies the firmware image using a cryptographic signature. The verification module checks the signature against a trusted public key to confirm the firmware's authenticity and integrity before installation. The system also includes a second interface that sends the firmware image to an external hardware security module (HSM) and receives the signature from the HSM. The HSM generates the cryptographic signature using a private key, ensuring that only authorized firmware images can be verified. This two-way communication between the computing system and the HSM enhances security by offloading cryptographic operations to a dedicated, tamper-resistant device. The system ensures that firmware updates are secure, reliable, and resistant to tampering, protecting the hardware component from malicious or corrupted firmware.
4. The computing system of claim 1, further comprising: a first interface configured to receive a key request; and a second interface configured to send the key request to the external hardware security module.
A computing system is designed to enhance secure key management by interfacing with an external hardware security module (HSM). The system includes a first interface that receives a key request, such as a request to generate, store, or retrieve cryptographic keys. A second interface forwards this key request to the external HSM, which processes the request in a secure, tamper-resistant environment. The HSM may generate cryptographic keys, perform encryption or decryption operations, or manage key storage securely. The computing system ensures that sensitive key operations are offloaded to the HSM, reducing the risk of exposure to software-based vulnerabilities. This approach improves security by leveraging the HSM's hardware-based protections, such as physical isolation and secure key storage, while allowing the computing system to handle other processing tasks. The system is particularly useful in environments requiring high-security cryptographic operations, such as financial transactions, data encryption, or authentication systems. By integrating with an external HSM, the computing system maintains strong security without requiring dedicated hardware within its own infrastructure.
5. The computing system of claim 4, wherein a public key and a private key are generated using the key request, wherein the public key is received through the second interface, and wherein the public key is output through the first interface.
A computing system generates cryptographic keys for secure communication. The system includes a first interface for receiving a key request and a second interface for receiving a public key. The system processes the key request to generate a public key and a corresponding private key. The public key is then output through the first interface, while the private key is securely stored within the system. This allows the system to facilitate secure key exchange protocols, such as asymmetric encryption, where the public key is shared with external entities for encryption, and the private key remains confidential for decryption. The system ensures that the private key is never exposed, maintaining the integrity of the cryptographic process. This approach is useful in applications requiring secure data transmission, authentication, or digital signatures, where key generation and management are critical for security. The system may be integrated into devices or services that handle sensitive information, ensuring that cryptographic operations are performed efficiently and securely.
6. The computing system of claim 5, wherein the public key is stored in the electronic device.
A computing system is designed to enhance security in electronic devices by managing cryptographic keys. The system includes an electronic device with a secure storage module that holds a public key, ensuring secure access to encrypted data. The system also features a key management module that generates, stores, and retrieves cryptographic keys, including symmetric and asymmetric keys, to facilitate secure communication and data protection. The key management module can generate a symmetric key for encrypting data and an asymmetric key pair for authentication and encryption. The system further includes a communication interface for transmitting encrypted data to external devices, ensuring secure data exchange. The secure storage module protects the public key from unauthorized access, preventing tampering or theft. This system addresses the challenge of securing sensitive data in electronic devices by providing a robust key management framework that integrates secure storage, key generation, and encrypted communication. The solution ensures that cryptographic keys are managed efficiently while maintaining high security standards.
7. The computing system of claim 1, wherein the plurality of code-signer versions include different code-signer algorithms, and wherein the processor combines the firmware image and the signature, using a first code-signer algorithm included in the selected first code-signer version.
A computing system is designed to enhance the security of firmware updates by using multiple code-signer versions, each implementing different cryptographic algorithms for generating and verifying digital signatures. The system addresses the risk of vulnerabilities in a single signing algorithm by providing redundancy and flexibility in firmware authentication. The system includes a processor that selects a first code-signer version from a plurality of available versions, each employing distinct algorithms. The processor then combines a firmware image with a corresponding signature using the algorithm from the selected version. This approach ensures that if one algorithm is compromised, alternative versions can still validate the firmware's integrity. The system may also include a memory storing the firmware image, the signature, and the code-signer versions, as well as a communication interface for receiving firmware updates. The use of multiple signing algorithms improves resilience against attacks targeting specific cryptographic weaknesses, ensuring secure firmware deployment in embedded systems, IoT devices, or other computing environments where firmware integrity is critical.
8. The computing system of claim 1, wherein the firmware image is a first firmware image, the signature is a first signature, and the signed firmware image is a signed first firmware image, wherein the processor receives a second firmware image, which is different from the first firmware image, and the model information, wherein the processor receives a second signature, which is generated using the second firmware image, from the external hardware security module, wherein the processor generates a signed second firmware image by combining the second signature and the second firmware image using the selected first code-signer version, and wherein the first signature is different from the second signature.
This invention relates to secure firmware updates in computing systems, addressing the challenge of verifying and signing firmware images to prevent unauthorized modifications. The system includes a processor that receives a first firmware image and model information, then obtains a first signature for the firmware image from an external hardware security module (HSM). The processor combines the signature and firmware image using a selected code-signer version to create a signed firmware image. The system also handles a second firmware image, distinct from the first, by receiving it along with model information and obtaining a second signature from the HSM. The processor generates a signed second firmware image by combining the second signature and the second firmware image using the same code-signer version, ensuring the first and second signatures differ. The HSM securely generates signatures, while the processor manages the signing process, enabling secure firmware updates with cryptographic verification. This approach ensures firmware integrity and authenticity by leveraging external HSMs for signature generation and controlled signing processes.
9. The computing system of claim 1, wherein the firmware image, the signature, the signed firmware image, the electronic device, and the model information correspond to a first firmware image, a first signature, a first signed firmware image, a first electronic device, and first model information, respectively, and wherein the processor receives a second firmware image different from the first firmware image and second model information of a second electronic device, and selects a second code-signer version among the plurality of code-signer versions using the second firmware image.
This invention relates to firmware verification in computing systems, specifically addressing the challenge of securely validating firmware updates across different devices and firmware versions. The system ensures that firmware images are authenticated using cryptographic signatures before installation, preventing unauthorized or corrupted updates. The invention involves a computing system that processes firmware images, signatures, and model information to verify authenticity. The system includes a processor that selects an appropriate code-signer version from multiple available versions based on the firmware image and device model information. This selection ensures compatibility and security during firmware updates. The system can handle multiple firmware images and device models, dynamically choosing the correct signing method for each. For example, a first firmware image and device model are verified using a first signature and code-signer version, while a second firmware image and device model use a different code-signer version. This approach enhances security by ensuring only properly signed firmware is installed, reducing risks of tampering or malicious updates. The system is particularly useful in environments where devices have varying firmware requirements, ensuring consistent and secure updates across different hardware models.
10. The computing system of claim 9, wherein the processor receives a second signature, which is generated using the second firmware image, from the external hardware security module and generates a signed second firmware image by combining the second signature and the second firmware image using the second code-signer version.
A computing system is designed to securely update firmware using a hardware security module (HSM) to verify and sign firmware images. The system addresses the problem of ensuring the integrity and authenticity of firmware updates, which is critical for maintaining system security and preventing unauthorized modifications. The system includes a processor that receives a second firmware image and a second signature generated by an external HSM. The second signature is created using the second firmware image, ensuring that the firmware has not been tampered with. The processor then generates a signed second firmware image by combining the second signature with the second firmware image, using a second code-signer version. This process ensures that the firmware update is cryptographically verified and signed, maintaining the security and trustworthiness of the system. The use of an external HSM provides an additional layer of security, as the signing process is performed by a dedicated hardware component that is resistant to tampering. The system may also include a memory for storing the firmware images and signatures, and a communication interface for receiving the firmware images and signatures from the HSM. The overall approach ensures that firmware updates are securely verified and signed, preventing unauthorized modifications and maintaining system integrity.
11. A firmware update system comprising: a computing system comprising a memory and a processor including a signed firmware generation unit; and a hardware security module comprising a signature generation unit and a security storage, wherein the computing system is configured to receive a first firmware image from a user of a first electronic device and transmit the first firmware image to the signature generation unit, wherein the signature generation unit is configured to read a first private key of the first firmware image from the security storage, generate a first hash value from the first firmware image, generate a first signature using the first hash value and the first private key, and transmit the first signature to the signed firmware generation unit, and wherein the signed firmware generation unit is configured to receive the first signature, receive first model information of the first electronic device from the user, select a first code-signer version from a plurality of code-signer versions corresponding to a respective first model among a plurality of different models stored in the memory using the first model information, combine the first firmware image and the first signature using the selected first code-signer version to generate a first signed firmware image, and transmit the first signed firmware image to the user for installation to the first electronic device as a firmware update.
A firmware update system addresses the challenge of securely distributing firmware updates to electronic devices with varying models and configurations. The system includes a computing system with a memory and processor, featuring a signed firmware generation unit, and a hardware security module with a signature generation unit and secure storage. The computing system receives a firmware image from a user of an electronic device and forwards it to the signature generation unit. The signature generation unit retrieves a private key associated with the firmware image from secure storage, computes a hash value of the firmware image, and generates a signature using the hash and private key. This signature is sent to the signed firmware generation unit in the computing system. The signed firmware generation unit also receives model information of the electronic device from the user, selects an appropriate code-signer version from multiple versions stored in memory based on the device model, and combines the firmware image with the signature using the selected code-signer version to produce a signed firmware image. The signed firmware image is then transmitted to the user for installation on the electronic device as an update. This system ensures secure and model-specific firmware updates, preventing unauthorized modifications and ensuring compatibility.
12. The firmware update system of claim 11, wherein the computing system is further configured to receive a first key request from the user and transmit the first key request to a key generation unit in the hardware security module, and wherein the key generation unit generates a first public key and the first private key using the first key request, stores the first public key and the first private key in the security storage, and transmits the first public key to the computing system.
A firmware update system enhances security for computing devices by integrating a hardware security module (HSM) to manage cryptographic keys. The system addresses vulnerabilities in firmware updates by ensuring secure key generation and storage, preventing unauthorized access or tampering. The computing system interacts with the HSM to generate and manage cryptographic keys. When a user initiates a key request, the computing system forwards this request to the HSM's key generation unit. The key generation unit creates a public-private key pair, securely stores both keys in the HSM's security storage, and transmits the public key back to the computing system. This process ensures that private keys remain isolated within the HSM, reducing exposure to potential attacks. The system supports secure firmware updates by leveraging these keys for authentication and encryption, mitigating risks associated with firmware integrity and unauthorized modifications. The HSM's tamper-resistant design further enhances security by protecting keys from physical and logical attacks. This approach is particularly useful in environments where firmware updates must be verified and authenticated to maintain system integrity and security.
13. The firmware update system of claim 12, wherein the first public key is stored in a first boot loader of the first electronic device and the first signed firmware image is stored in a second boot loader of the first electronic device.
A firmware update system for electronic devices ensures secure and reliable firmware updates by using cryptographic verification. The system addresses the risk of unauthorized or corrupted firmware updates, which can compromise device security and functionality. The system includes a first electronic device with a first boot loader and a second boot loader. The first boot loader stores a first public key used to verify the authenticity of firmware updates. The second boot loader stores a first signed firmware image, which is cryptographically signed to ensure its integrity and authenticity. During the update process, the first boot loader uses the first public key to verify the digital signature of the first signed firmware image before allowing the update to proceed. This dual-boot loader architecture enhances security by separating the verification and storage components, reducing the risk of tampering. The system may also include a second electronic device with a second public key and a second signed firmware image, allowing for coordinated updates across multiple devices. The use of cryptographic signatures ensures that only authorized firmware updates are applied, protecting the devices from malicious or corrupted updates. This approach is particularly useful in embedded systems and IoT devices where security and reliability are critical.
14. The firmware update system of claim 11, wherein the computing system is further configured to receive a second firmware image and second model information of a second electronic device, wherein the signature generation unit is further configured to generate a second signature using the second firmware image and transmit the second signature, wherein the signed firmware generation unit is further configured to select a second code-signer version from the plurality of code-signer versions using the second model information and combine the second firmware image and the second signature using the second code-signer version to generate a second signed firmware image, and wherein if the first model information and the second model information are the same, the first code-signer version and the second code-signer version are the same.
This invention relates to a firmware update system designed to securely distribute firmware updates to electronic devices. The system addresses the challenge of ensuring firmware integrity and compatibility across different device models by dynamically selecting appropriate cryptographic signing methods. The system receives a firmware image and model-specific information for an electronic device. A signature generation unit creates a cryptographic signature for the firmware image. A signed firmware generation unit then selects a specific code-signer version based on the device model information and combines the firmware image with its signature using this version to produce a signed firmware image. The system ensures that devices of the same model use the same code-signer version, maintaining consistency in firmware validation. The system can handle multiple firmware images and device models, dynamically adjusting the signing process to match each device's requirements. This approach enhances security by preventing unauthorized firmware modifications while ensuring compatibility across different device models. The system's modular design allows for flexible integration with various firmware update workflows.
15. The firmware update system of claim 11, wherein the first firmware image, the first signature, size information of the first signature, and zero padding are combined to form the first signed firmware image, and wherein the first signature, the size information, and the zero padding together have a fixed size.
A firmware update system is designed to securely distribute and verify firmware updates for electronic devices. The system addresses the challenge of ensuring the integrity and authenticity of firmware updates while efficiently managing data transmission and storage. The system combines a firmware image, a cryptographic signature, size information of the signature, and zero padding to form a signed firmware image. The signature, size information, and zero padding together occupy a fixed-size block, ensuring consistent data handling and reducing the risk of errors during transmission or storage. This fixed-size structure simplifies the verification process by allowing the system to predictably locate and validate the signature within the signed firmware image. The use of zero padding ensures that the combined data aligns with predefined memory or storage boundaries, improving compatibility with various hardware and software components. The system may also include mechanisms to generate, distribute, and verify the signed firmware image, ensuring that only authorized and unaltered firmware updates are applied to the target devices. This approach enhances security and reliability in firmware update processes, particularly in environments where tampering or corruption of update data could lead to device malfunctions or security vulnerabilities.
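The fixed-size block of claim 15, combined with the per-model code-signer selection of claim 11, as an added example that is not taken from the patent. The field order (2-byte little-endian size, signature, zero padding), the block sizes, and the model and version names are assumptions made for illustration.

```python
import struct
from dataclasses import dataclass
from typing import Tuple

# Assumed encoding of the "size information": 2-byte little-endian length.
SIZE_FIELD = struct.Struct("<H")


@dataclass(frozen=True)
class CodeSignerVersion:
    name: str
    block_size: int  # fixed size of size field + signature + zero padding

    @property
    def max_signature(self) -> int:
        return self.block_size - SIZE_FIELD.size


# Hypothetical model -> code-signer version table (names and sizes are made up).
CODE_SIGNER_VERSIONS = {
    "model-a": CodeSignerVersion("v1", 256),
    "model-b": CodeSignerVersion("v2", 512),
}


class SignedImageError(ValueError):
    """Raised when an image cannot be built or its fixed-size block is malformed."""


def select_version(model: str) -> CodeSignerVersion:
    """Pick the code-signer version for a model; unknown models are rejected."""
    try:
        return CODE_SIGNER_VERSIONS[model]
    except KeyError:
        raise SignedImageError(f"no code-signer version for model {model!r}") from None


def build_signed_image(model: str, firmware: bytes, signature: bytes) -> bytes:
    """Append size field, signature and zero padding as one fixed-size block."""
    version = select_version(model)
    if not 0 < len(signature) <= version.max_signature:
        raise SignedImageError("signature does not fit the fixed-size block")
    padding = bytes(version.max_signature - len(signature))
    return firmware + SIZE_FIELD.pack(len(signature)) + signature + padding


def split_signed_image(model: str, signed: bytes) -> Tuple[bytes, bytes]:
    """Return (firmware, signature) after validating the trailing block."""
    version = select_version(model)
    if len(signed) <= version.block_size:
        raise SignedImageError("input too short to hold firmware plus block")
    firmware = signed[:-version.block_size]
    block = signed[-version.block_size:]
    (sig_len,) = SIZE_FIELD.unpack_from(block)
    if not 0 < sig_len <= version.max_signature:
        raise SignedImageError("size field is outside the block")
    sig_end = SIZE_FIELD.size + sig_len
    # The padding is not covered by the size field, so require it to be all
    # zero: otherwise it is a place to carry bytes nobody checks.
    if any(block[sig_end:]):
        raise SignedImageError("non-zero bytes in padding")
    return firmware, block[SIZE_FIELD.size:sig_end]


if __name__ == "__main__":
    fw = bytes(range(256)) * 4   # constructed sample firmware
    sig = b"\xaa" * 64           # constructed stand-in for an HSM signature
    image = build_signed_image("model-a", fw, sig)
    print(len(image), split_signed_image("model-a", image) == (fw, sig))
```

Because the block has a fixed size per code-signer version, the parser locates it from the end of the file without trusting any length stored in the firmware itself.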
16. An electronic device comprising: storage configured to store a first certificate element; a modem configured to receive over a network at least one signed firmware image including at least one executable firmware image; a nonvolatile memory device configured to store the at least one executable firmware image; and a processor configured to execute the at least one executable firmware image, wherein the at least one signed firmware image further includes a second certificate element, a third certificate element, and a signature, wherein the processor verifies the second certificate element by using a first public key included in the first certificate element, verifies the third certificate element by using a second public key included in the second certificate element if the verification of the second certificate element is successful, and verifies the signature by using a third public key included in the third certificate element if the verification of the third certificate element is successful, wherein the processor executes the executable firmware image as a firmware update if the verification of the signature is successful.
This invention relates to secure firmware updates for electronic devices, addressing the need to verify the authenticity and integrity of firmware images before installation. The system includes storage for a first certificate element, a modem for receiving signed firmware images over a network, nonvolatile memory for storing executable firmware, and a processor to execute the firmware. The signed firmware image contains an executable firmware image, a second certificate element, a third certificate element, and a signature. The processor verifies the second certificate element using a first public key from the first certificate element. If successful, it verifies the third certificate element using a second public key from the second certificate element. If that verification succeeds, the processor checks the signature using a third public key from the third certificate element. Only if all verifications pass does the processor execute the firmware as an update. This multi-layered verification ensures that firmware updates are authentic and unaltered, preventing unauthorized or corrupted updates from being installed. The system is designed to enhance security in devices that require reliable firmware updates, such as IoT devices, embedded systems, or networked appliances.
17. The electronic device of claim 16, wherein the first certificate element is a root certificate authority (CA), the second certificate element is a certificate authority (CA), and the third certificate element is a code verification certificate (CVC) of a first code-signer version among a plurality of code-signer versions corresponding to a respective plurality of different electronic device models.
This invention relates to electronic device security, specifically a system for managing certificate verification in devices with varying hardware models. The problem addressed is ensuring secure code execution across different device models, each requiring distinct verification certificates due to differences in hardware or firmware. The solution involves a hierarchical certificate structure where a root certificate authority (CA) issues certificates to intermediate CAs, which in turn issue code verification certificates (CVCs) specific to different code-signer versions. Each code-signer version corresponds to a particular electronic device model, ensuring that only authorized code signed by the appropriate CVC can execute on a given device. The system dynamically selects the correct CVC based on the device model, preventing unauthorized code execution while maintaining compatibility across multiple hardware variants. This approach improves security by enforcing model-specific verification while simplifying certificate management through a structured hierarchy. The invention is particularly useful in environments where devices with varying hardware configurations must execute signed code securely.
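The ordered, fail-closed verification of claims 16 and 17 (root CA, then CA, then CVC, then firmware signature), as an added example that is not taken from the patent. The certificate encoding and all names are assumptions, and the signature scheme is a deliberately toy textbook RSA over small Mersenne primes, used only so the example runs with the standard library; it is not secure and stands in for a real signature algorithm.

```python
import hashlib
from dataclasses import dataclass
from typing import Tuple

E = 65537  # public exponent shared by all toy keys


@dataclass(frozen=True)
class ToyKey:
    n: int  # public modulus
    d: int  # private exponent (would live only in the signer/HSM)


def toy_keypair(p_exp: int, q_exp: int) -> ToyKey:
    """Toy key from two Mersenne primes 2**k - 1. NOT secure; stand-in only."""
    p, q = (1 << p_exp) - 1, (1 << q_exp) - 1
    return ToyKey(p * q, pow(E, -1, (p - 1) * (q - 1)))


def _digest(message: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def toy_sign(key: ToyKey, message: bytes) -> int:
    return pow(_digest(message, key.n), key.d, key.n)


def toy_verify(n: int, message: bytes, signature: int) -> bool:
    return 0 <= signature < n and pow(signature, E, n) == _digest(message, n)


@dataclass(frozen=True)
class CertElement:
    subject: str
    public_n: int    # subject's public key
    issuer_sig: int  # issuer's signature over tbs()

    def tbs(self) -> bytes:
        # Assumed "to be signed" encoding: subject and key, pipe-separated.
        return f"{self.subject}|{self.public_n}".encode()


def issue(subject: str, subject_key: ToyKey, issuer_key: ToyKey) -> CertElement:
    unsigned = CertElement(subject, subject_key.n, 0)
    return CertElement(subject, subject_key.n, toy_sign(issuer_key, unsigned.tbs()))


@dataclass(frozen=True)
class SignedImage:
    firmware: bytes
    ca: CertElement    # second certificate element
    cvc: CertElement   # third certificate element
    signature: int     # signature over the firmware


def verify_update(root: CertElement, image: SignedImage) -> Tuple[bool, str]:
    """Each step uses only a key authenticated by the previous step."""
    if not toy_verify(root.public_n, image.ca.tbs(), image.ca.issuer_sig):
        return False, "ca"
    if not toy_verify(image.ca.public_n, image.cvc.tbs(), image.cvc.issuer_sig):
        return False, "cvc"
    if not toy_verify(image.cvc.public_n, image.firmware, image.signature):
        return False, "signature"
    return True, "ok"


# Constructed sample chain. The root certificate is the trust anchor stored on
# the device; it is trusted by storage, not verified from the image.
ROOT_KEY = toy_keypair(61, 127)
CA_KEY = toy_keypair(89, 107)
CVC_KEY = toy_keypair(31, 521)
ROOT = issue("root-ca", ROOT_KEY, ROOT_KEY)
FIRMWARE = b"constructed firmware payload"
IMAGE = SignedImage(
    firmware=FIRMWARE,
    ca=issue("ca", CA_KEY, ROOT_KEY),
    cvc=issue("cvc-model-a", CVC_KEY, CA_KEY),
    signature=toy_sign(CVC_KEY, FIRMWARE),
)

if __name__ == "__main__":
    print(verify_update(ROOT, IMAGE))
```

The returned stage name is what a device log would want to record: it distinguishes a broken chain ("ca", "cvc") from a modified image ("signature").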
18. The electronic device of claim 16, wherein the at least one signed firmware image further includes hash data, and wherein the processor verifies the at least one executable firmware image by using the hash data if the verification of the signature is successful and executes the at least one executable firmware image if the verification of the at least one executable firmware image is successful.
An electronic device includes a processor and at least one signed firmware image stored in memory. The firmware image contains executable code and a digital signature for authentication. The processor verifies the signature to ensure the firmware's integrity and authenticity. If the signature verification succeeds, the processor further checks the firmware's integrity using hash data included in the firmware image. Only after both verifications are successful does the processor execute the firmware. This dual-layer security approach prevents unauthorized or corrupted firmware from being executed, enhancing device security against tampering and malicious attacks. The system ensures that only trusted and unaltered firmware is deployed, maintaining the device's operational integrity and protecting sensitive data. The hash data provides an additional verification step beyond the digital signature, offering a robust defense mechanism against potential vulnerabilities in the signature verification process. This method is particularly useful in environments where firmware integrity is critical, such as in embedded systems, IoT devices, and secure computing platforms.
19. The electronic device of claim 16, wherein the storage includes a separate hardware device equipped with a security system.
The invention relates to electronic devices with enhanced data security features. The problem addressed is the vulnerability of stored data to unauthorized access, particularly in devices where storage is integrated with other components. The solution involves an electronic device that includes a storage system with a separate hardware device equipped with a security system. This separate hardware device is designed to isolate sensitive data from the main processing components, reducing the risk of unauthorized access or tampering. The security system may include encryption, access controls, or other protective measures to safeguard stored information. The storage system is configured to communicate with other components of the electronic device while maintaining the security of the data. This approach ensures that even if other parts of the device are compromised, the isolated storage remains secure. The invention is particularly useful in applications where data confidentiality and integrity are critical, such as in financial systems, healthcare devices, or secure communication platforms. The separate hardware device may also include additional features like tamper-resistant packaging or secure boot mechanisms to further enhance protection. By physically and logically isolating the storage, the invention provides a robust defense against various types of cyber threats.
20. The electronic device of claim 16, wherein the at least one signed firmware image further includes time information representing at least one of a time when the signature is generated or a time when the signed firmware image including the signature is generated.
This invention relates to electronic devices with secure firmware updates, addressing the need for verifying the authenticity and integrity of firmware images during updates. The device includes a processor and memory storing at least one signed firmware image, where the firmware image is digitally signed to ensure it has not been tampered with. The signature is generated using a private key associated with a trusted entity, and the device verifies the signature using a corresponding public key before applying the firmware update. The signed firmware image includes time information, such as the timestamp when the signature was generated or when the signed firmware image was created. This time information allows the device to validate the freshness of the firmware image, ensuring it is not outdated or compromised. The device may also include a secure storage module to store cryptographic keys and other sensitive data, protecting them from unauthorized access. The firmware update process involves receiving the signed firmware image, verifying its signature and time information, and only applying the update if both checks pass. This ensures that only authentic, up-to-date firmware images are installed, enhancing the security and reliability of the electronic device.
December 22, 2020